Hospitals and healthcare providers remain under cyber-attack, causing organizations to spend more to protect their systems and patient data. Healthcare has been at or near the top of the list for industries at greatest risk of cyber intrusions over the past two years. Many experts predict global healthcare cybersecurity spending will exceed $65 billion cumulatively over the next five years–from 2017 to 2021.
A survey called “Top of Mind for Top U.S. Health Systems 2018,” nine out of 10 leaders in healthcare indicated that they will increase the cyber security technology spend in the new year–a move which will allow them to stay ahead of new and evolving threats. In terms of cybersecurity spending, roughly half of respondents plan to invest in ways to better identify (54 percent), detect (50 percent) and protect against (50 percent) cyber threats. Less than 20 percent are focused on recover and respond technologies. Asked whether they would pay cybercriminals to recover encrypted files, 17 percent said yes, 17 percent were undecided, 22 percent didn’t know and 44 percent said no.
Healthcare Cybersecurity Trends
- Ransomware: Ransomware was the top cybersecurity trend, affecting 78 percent of providers according to a HIMSS survey. In 2016, we saw a 250 percent growth in ransomware attacks.
- Breaches Get Worse: the fact that healthcare IT and information security is behind other industries and is struggling to keep up is only going to keep healthcare in the crosshairs for the foreseeable future. Couple this with the fact that healthcare information (ePHI) is far more valuable on the black market than other data and there is a perfect storm leading to increased major healthcare breaches.
- More Mobile Treats: Healthcare organizations have the disadvantage of being behind most other verticals as security and maturity of their security programs are concerned. It is critical to address and mitigate the mobile threat or healthcare might see even more incidents than predicted.
- Connected Devices: The complexity and range of devices (IoT) healthcare organizations deploy are staggering. The security on the majority of these devices is at best outdated and, in far too many cases, altogether non-existent. In 2018, healthcare must resolve to tackle the connected device issue.
- Preparation: Most organizations lack a comprehensive incident response plan or lack proper testing and review on plans that do exist. Being is the only way to protect your organization, patients, and others, from the losses that incidents cause.